Getting errors in /var/log/messages: "BUG: KFENCE: out-of-bounds"
Environment
Red Hat Enterprise Linux 9
McAfee
Issue
- Getting errors in /var/log/messages:
BUG: KFENCE: out-of-boundswhen a task interacting with3rd party module associated to McAfee
Resolution
-
Engage with the
McAfee vendorfor further details and also check the application compatibility with the current OS -
Red Hat support policy regarding third-party packages in RHEL
Root Cause
Kernel Electric-Fence (KFENCE)is a low-overhead sampling-based memory safety error detector. KFENCE detectsheap out-of-bounds access, use-after-free, and invalid-free errorsmainly caused by third-party applications- This error will generally be reported if there is some
memory corruptionin the system.
Diagnostic Steps
- Following call traces were observed in /var/log/messages when the container-shim process was interacting with McAfee module.
kernel: BUG: KFENCE: out-of-bounds read in __memmove+0x128/0x1b0 <<----
kernel: Out-of-bounds read at 0x0000000096c9271a (512B right of kfence-#202): <<----
kernel: __memmove+0x128/0x1b0
kernel: mfe_aac_get_initiator_cmdline_name+0xbc/0xe0 [mfe_aac_100716843] <<----
kernel: mfe_aac_create_eventinfo_struct+0x302/0x630 [mfe_aac_100716843]
kernel: mfe_aac_process_pre_events+0xa3/0x1b0 [mfe_aac_100716843] <<----
kernel: mfe_aac_sys_open_64_bit+0x262/0x2a0 [mfe_aac_100716843]
kernel: mfe_fileaccess_sys_open_64_bit+0x30/0x1f0 [mfe_fileaccess_100716843] <<----
kernel: do_syscall_64+0x59/0x90
kernel: entry_SYSCALL_64_after_hwframe+0x72/0xdc
kernel:
kernel: kfence-#202: 0x0000000006f67972-0x00000000beab78ee, size=512, cache=kmalloc-512
kernel: allocated by task 11821 on cpu 2 at 1969990.110664s:
kernel: mfe_aac_create_eventinfo_struct+0x2dd/0x630 [mfe_aac_100716843] <<----
kernel: mfe_aac_process_pre_events+0xa3/0x1b0 [mfe_aac_100716843] <<----
kernel: mfe_aac_sys_open_64_bit+0x262/0x2a0 [mfe_aac_100716843] <<----
kernel: mfe_fileaccess_sys_open_64_bit+0x30/0x1f0 [mfe_fileaccess_100716843] <<----
kernel: do_syscall_64+0x59/0x90
kernel: entry_SYSCALL_64_after_hwframe+0x72/0xdc
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments